<?php
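	// Id of the user record being edited, taken from the routed parameters.
	// NOTE(review): nothing in this file checks that the current session is allowed
	// to edit this user, or that the POST carries an anti-CSRF token. Confirm the
	// including controller enforces both before this script runs.
	$user_id = $params[0];

	if ($_SERVER["REQUEST_METHOD"] == 'POST') {
		// Everything interpolated into SQL below is escaped first. The original left
		// the routed user id and the posted mod_id values unescaped, so both could
		// break out of their quoted literals. mysql_real_escape_string() honours the
		// connection character set; prepared statements (mysqli/PDO) are the better
		// long-term fix but are a port of the whole file.
		$user_id_sql = mysql_real_escape_string((string) $user_id);

		// Missing or non-string fields are treated as empty instead of raising
		// notices or passing an array to the escape function.
		$fields = array();
		foreach (array('client_id', 'username', 'name', 'email', 'tel') as $key) {
			$raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
			$fields[$key] = mysql_real_escape_string($raw);
		}

		// An empty password field means "leave the stored password unchanged".
		// NOTE(review): unsalted MD5 is not an acceptable password hash. It is kept
		// only because the login check is not visible here and must change in the
		// same step; plan a migration to password_hash()/password_verify().
		// The escape call sits inside md5(), so it changes the bytes that get hashed.
		// It is left exactly as it was so existing stored hashes keep matching.
		$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
		$password_sql = $password === '' ? '' : ", `password` = '" . md5(mysql_escape_string($password)) . "'";

		// $level is never assigned in this file before this point. Writing it
		// unconditionally would overwrite the stored privilege level with an empty
		// value, so the column is only updated when the variable actually exists.
		// NOTE(review): if $level can be influenced by the request, validate it
		// against the levels the current operator is allowed to grant.
		$level_sql = isset($level) ? ", `level` = '" . mysql_real_escape_string((string) $level) . "'" : '';

		$sql = "UPDATE `control_user` SET `username` = '{$fields['username']}', `name` = '{$fields['name']}', `email` = '{$fields['email']}', `tel` = '{$fields['tel']}'$level_sql, `client_id` = '{$fields['client_id']}' $password_sql WHERE `user_id` = '$user_id_sql' LIMIT 1";
		mysql_query($sql);

		// Replace the user's module grants with the posted set.
		// NOTE(review): the delete and the inserts are not wrapped in a transaction,
		// and posted ids are not checked against `control_mod` — confirm that any
		// caller who may reach this form is allowed to grant every module.
		mysql_query("DELETE FROM `control_acl` WHERE `user_id` = '$user_id_sql'");
		$mod_ids = (isset($_POST['mod_id']) && is_array($_POST['mod_id'])) ? $_POST['mod_id'] : array();
		foreach ($mod_ids as $mod_id) {
			// Nested arrays cannot be a module id; skip them.
			if (!is_scalar($mod_id)) {
				continue;
			}
			$mod_id_sql = mysql_real_escape_string((string) $mod_id);
			$sql = "INSERT INTO  `control_acl` VALUES (NULL,'$user_id_sql', '$mod_id_sql')";
			mysql_query($sql);
		}

		redirect('../');
		exit;
	}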

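	// Load the stored record for the user being edited so the form can be pre-filled.
	// The id is escaped into a separate variable because it comes from the routed
	// parameters; $user_id itself is left untouched.
	$user_id_sql = mysql_real_escape_string((string) $user_id);
	$sql = "SELECT * FROM `control_user` WHERE `user_id` = '$user_id_sql' LIMIT 1";
	$query = mysql_query($sql);

	// LIMIT 1 means at most one row, so a single fetch replaces the original loop.
	// A failed query (false) is treated the same as "no such user".
	$result = $query ? mysql_fetch_assoc($query) : false;
	if ($result) {
		$user_id	= $result['user_id'];
		$username	= $result['username'];
		$name		= $result['name'];
		$email		= $result['email'];
		$tel		= $result['tel'];
		$level		= $result['level'];
		$client_id	= $result['client_id'];
	} else {
		// No matching row: define the form variables so later reads do not hit
		// undefined names. Values that already exist are left alone.
		foreach (array('username', 'name', 'email', 'tel', 'level', 'client_id') as $field) {
			if (!isset($$field)) {
				$$field = null;
			}
		}
	}
	if ($query) {
		mysql_free_result($query);
	}

	// NOTE(review): the values above are raw database content. Whatever template
	// prints them must HTML-escape them at output time — not visible in this file.

	// <option> list of clients with the user's current client pre-selected
	// (presumably; sqlOptions() and _u() are defined elsewhere).
	$companyOptions = _u(sqlOptions('SELECT `client_id` AS `value`, `name` AS `label` FROM `control_client` ORDER BY `name` ASC', $client_id));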



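	// Build one checkbox per module, ticked when the user already has an ACL row
	// for it (the LEFT JOIN yields a non-empty `allow` only for granted modules).
	$ACL_HTML = array();
	// The user id is escaped before it goes into the query; the original
	// interpolated it raw.
	$user_id_sql = mysql_real_escape_string((string) $user_id);
	$sql	= "SELECT `control_mod`.*, `control_acl`.`user_id` AS `allow` FROM `control_mod` LEFT JOIN `control_acl` ON `control_mod`.`mod_id` = `control_acl`.`mod_id` AND `control_acl`.`user_id` = '$user_id_sql' ORDER BY `control_mod`.`order`";
	$query = mysql_query($sql);
	// A failed query leaves the list empty instead of fetching from false.
	if ($query) {
		while ($result = mysql_fetch_array($query)) {
			$allow		= empty($result['allow']) ? "" : "checked='checked'";
			// Database values are HTML-escaped before being placed in the attribute
			// and the label, so a module name containing markup is shown as text.
			// NOTE(review): no charset is passed, so the PHP default applies —
			// confirm it matches the encoding of the stored module names.
			$mod_id_html	= htmlspecialchars($result['mod_id'], ENT_QUOTES);
			$name_html	= htmlspecialchars($result['name'], ENT_QUOTES);
			// The original closed the item with a stray </span>; the element opened is <li>.
			$ACL_HTML[] = "<li><input name=\"mod_id[]\" id=\"mod_id[]\" type=\"checkbox\" value=\"$mod_id_html\" $allow />$name_html</li>";
		}
		mysql_free_result($query);
	}
	$ACL_HTML = implode("", $ACL_HTML);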

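	/**
	 * Count the ACL rows that grant a module to a user.
	 *
	 * Both arguments are escaped before they are placed in the query; the
	 * original interpolated them raw. When the query fails or returns no row
	 * the function returns 0, so a database error reads as "not allowed".
	 *
	 * @param mixed $mod_id  Module id to look up.
	 * @param mixed $user_id User id to look up.
	 * @return mixed The COUNT value as the driver returns it, or 0 on failure.
	 */
	function getAllow($mod_id, $user_id) {
		$mod_id_sql = mysql_real_escape_string((string) $mod_id);
		$user_id_sql = mysql_real_escape_string((string) $user_id);
		$sql = "SELECT COUNT(`mod_id`) AS `allow` FROM `control_acl` WHERE `user_id` = '$user_id_sql' AND `mod_id` = '$mod_id_sql'";

		// Fail closed: the original left $allow undefined when nothing was fetched.
		$allow = 0;
		$query = mysql_query($sql);
		if ($query) {
			// COUNT() without GROUP BY yields a single row, so one fetch is enough.
			$row = mysql_fetch_array($query);
			if ($row) {
				$allow = $row['allow'];
			}
			mysql_free_result($query);
		}

		return $allow;
	}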
?>